<!DOCTYPE HTML>
<html>
<head>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
  <title>Test for Cross Site XMLHttpRequest</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display">
<iframe id=loader></iframe>
</p>
<div id="content" style="display: none">
  
</div>
<pre id="test">
<script class="testbody" type="application/javascript;version=1.8">

SimpleTest.waitForExplicitFinish();
SimpleTest.requestLongerTimeout(2);

var origins =
  [{ server: 'http://example.org' },
   { server: 'http://example.org:80',
     origin: 'http://example.org'
   },
   { server: 'http://sub1.test1.example.org' },
   { server: 'http://test2.example.org:8000' },
   { server: 'http://sub1.\xe4lt.example.org:8000',
     origin: 'http://sub1.xn--lt-uia.example.org:8000'
   },
   { server: 'http://sub2.\xe4lt.example.org',
     origin: 'http://sub2.xn--lt-uia.example.org'
   },
   { server: 'http://ex\xe4mple.test',
     origin: 'http://xn--exmple-cua.test'
   },
   { server: 'http://xn--exmple-cua.test' },
   { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',
     origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
   },
   { origin: 'http://example.org',
     file: 'jar:http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
   },
   { origin: 'null',
     file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs'
   },
   ];

   //['https://example.com:443'],
   //['https://sub1.test1.example.com:443'],

window.addEventListener("message", function(e) {
  gen.send(e.data);
}, false);

gen = runTest();

function runTest() {
  var loader = document.getElementById('loader');
  var loaderWindow = loader.contentWindow;
  loader.onload = function () { gen.next() };

  // Test preflight-less requests
  basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?"
  baseURL = "http://mochi.test:8888" + basePath;

  for (originEntry of origins) {
    origin = originEntry.origin || originEntry.server;

    loader.src = originEntry.file ||
                 (originEntry.server + "/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html");
    yield undefined;

    var isNullOrigin = origin == "null";

    port = /:\d+/;
    passTests = [
      origin,
      "*",
      " \t " + origin + "\t \t",
      "\t \t* \t ",
    ];
    failTests = [
      "",
      " ",
      port.test(origin) ? origin.replace(port, "")
                        : origin + ":1234",
      port.test(origin) ? origin.replace(port, ":")
                        : origin + ":",
      origin + ".",
      origin + "/",
      origin + "#",
      origin + "?",
      origin + "\\",
      origin + "%",
      origin + "@",
      origin + "/hello",
      "foo:bar@" + origin,
      "* " + origin,
      origin + " " + origin,
      "allow <" + origin + ">",
      "<" + origin + ">",
      "<*>",
      origin.substr(0, 5) == "https" ? origin.replace("https", "http")
                                     : origin.replace("http", "https"),
      origin.replace("://", "://www."),
      origin.replace("://", ":// "),
      origin.replace(/\/[^.]+\./, "/"),
    ];

    if (isNullOrigin) {
      passTests = ["*", "\t \t* \t ", "null"];
      failTests = failTests.filter(function(v) { return v != origin });
    }
    
    for (allowOrigin of passTests) {
      req = {
        url: baseURL +
             "allowOrigin=" + escape(allowOrigin) +
             "&origin=" + escape(origin),
        method: "GET",
      };
      loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);

      res = eval(yield);
      is(res.didFail, false, "shouldn't have failed for " + allowOrigin);
      is(res.status, 200, "wrong status for " + allowOrigin);
      is(res.statusText, "OK", "wrong status text for " + allowOrigin);
      is(res.responseXML,
         "<res>hello pass</res>",
         "wrong responseXML in test for " + allowOrigin);
      is(res.responseText, "<res>hello pass</res>\n",
         "wrong responseText in test for " + allowOrigin);
      is(res.events.join(","),
         "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
         "wrong responseText in test for " + allowOrigin);
    }

    for (allowOrigin of failTests) {
      req = {
        url: baseURL + "allowOrigin=" + escape(allowOrigin),
        method: "GET",
      };
      loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);

      res = eval(yield);
      is(res.didFail, true, "should have failed for " + allowOrigin);
      is(res.responseText, "", "should have no text for " + allowOrigin);
      is(res.status, 0, "should have no status for " + allowOrigin);
      is(res.statusText, "", "wrong status text for " + allowOrigin);
      is(res.responseXML, null, "should have no XML for " + allowOrigin);
      is(res.events.join(","),
         "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
         "wrong events in test for " + allowOrigin);
      is(res.progressEvents, 0,
         "wrong events in test for " + allowOrigin);
    }
  }

  SimpleTest.finish();

  yield undefined;
}

addLoadEvent(function() {
  SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, function() {
    gen.next();
  });
});
</script>
</pre>
</body>
</html>
